Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Configuring Internal Networks in IPS Manager

How can i define the internal networks for IDS 5.X?

Thank you

3 REPLIES
Silver

Re: Configuring Internal Networks in IPS Manager

This is quite easy to do using IDM... Follow the steps below.

1) https to your sensor and log in with your admin account

2) Go to Configuration --> Event Action Rules --> Event Variables

3) Add and IN variable and define all of your internal IP ranges

4) Add and OUT variable that includes everything else (kind of a pain)

If this helps, please rate.

Thanks.

Silver

Re: Configuring Internal Networks in IPS Manager

You aren't kidding on the $OUT part.

So, if you have a 10.x class A

$IN=10.0.0.0-10.255.255.255

Then,

$OUT=0.0.0.0-9.255.255.255,11.0.0.0-255.255.255.255

This can be a real pain if you have many dozens of non-contiguous ranges. I believe Cisco has a utility available (now) to calculate the inverse of $IN (probably because of our complaining of it). I personally prefer the old way of $OUT != $IN

Silver

Re: Configuring Internal Networks in IPS Manager

Actually, I think with the latest sensor OS you can just use an internal variable and it will figure out the OUT variable for you... Hope it helped.

Please rate if it did.

Thanks.

Jay

128
Views
0
Helpful
3
Replies